A CYBER-SECURITY STORM MAP

摘要

When a cyber-security event occurs, a person has to answer the following questions: what events are happening; where are the events occurring; and how much damage has occurred or will occur. This paper recommends a cyber-security monitoring system that provides correlation of time-series event data, a visual representation of the security events, and gives a predictive forecast of potential events based on known environmental states. The rationale for this comes from the need to have an overall view of security events or storms that are occurring on a network while providing information in reference to severity and a propagation pattern. Thus, it can potentially provide an early warning so that events or storms can be proactively mitigated. In addition, it can help in making business decisions by determining or understanding the relationship between the computing devices and the business/information technology services they make up.